Climate change is already having a financial impact for many organisations. For example, businesses have lost premises, stock and sales due to increased flooding and are subsequently faced with higher insurance costs; utility costs have increased as suppliers meet tighter regulations; and products with lower carbon footprints have provided new growth opportunities and improved sales. Many boards will have established their strategic response, either explicitly or as part of a broader strategy. Whatever an organisation’s approach, climate change brings risks, and most will have a financial impact.
This guidance addresses some of the main sources of financial risk in relation to climate change. These will materialise in different ways for different organisations but should be considered by all organisations. Clearly, given the broad scope of financial risk, this cannot be an exhaustive list but will focus on generic and pervasive impacts.
In assessing potential impact, the internal auditor needs to have some understanding of the different types of financial impacts which may arise. Much of this is external to the organisation, but the internal auditor also needs to understand the organisation’s own strategic approach to climate change to put the risk in context.
It is helpful to start planning by understanding and evaluating the organisation’s risk framework and appetite as it relates to climate change, both at a strategic and operational level. Some questions to consider are as follows (while this is focused on financial risks, the same approach can be broadened to consider the full scope of climate-related risks):
It is likely that this topic will be addressed at a strategic level and then be embedded throughout relevant audits. It is important that the plan shows the totality of coverage to ensure no gaps, and that internal audit leaders pull together information from different audits to give an overall view, possibly incorporating other climate-related audit coverage. This maximises the impact of internal audit’s work to add real value at board level.
It is useful to consider the financial sector’s approach to climate risks as this will impact other sectors through investment decisions, lending terms, and insurance coverage and costs. As banks and insurers become more aware of their clients’ risks, a process being accelerated by regulatory focus including experimentation with industry-wide stress testing, these risks will increasingly be factored into decision-making. The Climate Financial Risk Forum (CFRF) summarises financial risks as deriving from two broad categories:
Both are seen by the CFRF to potentially impact cash flows and balance sheets. Physical risks potentially also impact operational functioning of organisations. These risks are considered in greater detail in other guidance, but include:
These will clearly need adapting to specific industries and businesses but provide a framework to help internal auditors consider the risks and their operational and strategic impacts. One particular challenge is the many-to-many relationship between underlying climate risks, the financial impacts of these, and the resulting financial risks to an organisation. The diagram below provides a simplified summary of this.
The potential impacts in each category are illustrative and highlight the need for the internal auditor to understand the key financial drivers (both balance sheet and cash flow) and the key business processes for each significant business unit in the organisation. The approach taken in approaching this audit will, to a large extent, depend on the level of work the organisation has already done to understand and address its financial risks.
Note that operational impacts are extremely broad, and are akin to any other business disruption event. The table below focuses on financial risks and impacts, providing potential controls and mitigations to help the internal auditor plan and perform the audit.
Risk | Potential controls/mitigations | Comments |
Reduction in fixed asset values due to potential or actual weather-related events. |
The business has identified key risks which may result in potential damage to premises, plant and, and sets out a combination of:
|
With existing assets, the options are clearly more limited and organisations need to weigh up the potential impacts, likelihood, and costs to mitigate. This involves both the ability to predict events which is sometimes very difficult, and the ability to predict the impacts of those events. Insurance may be increasingly difficult to obtain for high-risk assets or may become prohibitively expensive. Thus, while insurance is one mitigation, it may eventually compound the risk, so it is important not to over-rely on insurance. |
Reduction in fixed asset values due to obsolescence caused by technological change in response to climate change. |
Horizon scanning and competitor analysis is used to understand the evolving market. Investment evaluation and approval processes incorporate an analysis of risks which includes technological changes and their impact on expected asset lives |
The longer the investment term, the greater the level of uncertainty. The internal auditor should pay attention to underlying assumptions and watch out for assumptions which are over-optimistic. An analysis incorporating a range of scenarios would be optimal. |
Reduction in stock values due to changes in demand for products or lost stock due to weather-related events. |
An ongoing process of horizon scanning is established to identify market changes. The business has identified key risks which may result in potential damage to stock and sets out a combination of:
|
The risk and potential controls are similar to those for fixed assets, but the time horizons may be different and so the business responses may not be the same. |
Increase in bad debts due to economic impacts of climate-change. |
Credit policies and processes incorporate risks related to climate change | As well as credit risks for individual organisations, it is important to evaluate risks relating to the markets in which the business is operating or selling into. |
Reduced sales due to failure to respond to changing market. |
Business strategy is supported by appropriate market research. An ongoing process of horizon scanning is established to identify market changes. Sales analysis identifies trends at an early stage |
This risk corresponds closely to those relating to stock and fixed asset obsolescence. While this risk is focused on how consumers will adapt to new products and become more aware of the climate impacts of manufacturers and suppliers, the same risk applies to business customers who are looking at supply chain impacts as part of their own climate strategy. |
Increase in costs of commodities, raw materials and/or utilities. |
There is an evaluation of supply risks which includes:
|
These mitigations/controls need to have a time-horizon which corresponds with the projected lifecycle of the relevant products. |
Contingent liabilities (These are potential costs that may or may not be incurred depending on the result of an uncertain future event. Examples are potential litigation, warranty claims or bank guarantees. If certain criteria are met, these need to be disclosed in financial statements.) |
Processes to demonstrate legal and regulatory compliance, in line with a clearly articulated strategy. Horizon scanning to understand emerging risks of litigation. Legal review of warranties or guarantees |
Litigation can come from a variety of stakeholders and may result from the failure to mitigate or adapt to climate-related impacts. The risk will be higher in industries with a higher impact (eg fossil fuels). |
A lack of reporting of climate related risks or impacts results in loss of access to capital. |
Clear reporting in line with expectations of banks and providers of capital. | See more detail in separate guidance on climate related reporting |
The relative importance of each of these risks will depend on the nature of the organisation’s business, typical product lifecycles and the locations in which it operates and with which it does business. Given the pace of change in our scientific understanding of climate change, public attitudes and government policy, financial risk assessments need to be refreshed frequently and organisations need to be ready to adopt additional mitigating measures. It is therefore important that internal audit maintains its focus on these risks both strategically and through each element of its audit plan.
Financial impacts are implicit within most climate-related risks. However, it is important for internal audit to explicitly consider the risks to financial statements and the resultant risks of reduced access to capital, liquidity implications, and difficulty obtaining cost-effective insurance. A deep understanding of the business is required, but there is a real opportunity to provide challenge and assurance at the highest level of any organisation.
Auditing climate data and reporting
Climate impact within supply chains
Sustainable product risk management
Climate change and environmental impact
FCA - Climate Financial Risk Forum guide 2020 Risk Management chapter
Gov.uk - Environmental Reporting Guidelines: Including streamlined energy and carbon reporting guidance
Global Reporting Initiative (GRI) - Standards
Task Force on Climate related Financial Disclosures (TFCFD)
Final TCFD Recommendations Report, June 2017